I am logging events from my Defence centre to Splunk, however, while I do receive the Intrusion events, I am not receiving the Security intelligence events. Whats the script to enable the same on Splunk?
You can use Add-on to get data into Splunk. You can also use Cisco Security Suite App for visualization.
Splunk Add-on for Cisco FireSIGHT (formerly Splunk Add-on for Cisco Sourcefire) - https://splunkbase.splunk.com/app/1808/
Cisco Security Suite - https://splunkbase.splunk.com/app/525/
https://splunkbase.splunk.com/app/1629/
The above app says that security intelligence is optional but available in splunk
I already have the app and am currently getting both amp and intrusion events however I'm missing the security intelligence events